Re: [Puppet Users] how to customize hiera lookups per node?
On Thu, Mar 07, 2013 at 12:11:09PM -0800, James Ralston wrote: At this point, all of the modules we have written use parameterized classes. That way, when we call the module from the host's node.pp file, we can override defaults (if necessary). I lump all nodes into the node default and send all hosts thru one manifest. It processes thru a hash of hashes derived from one yaml file with lookups based on ${hostname} only. There is no parameterized classes in use. $hostname is the only fact in use; we don't trust the nodes facts. node default { include processhosts } The main thing we're trying to understand is how each host manifest can declare its own hiera hierarchy for data lookup. We can't do this with the yaml backend, because the yaml backend will apply the same hierarchy to EVERY client, because all Puppet clients use the /etc/puppet/hiera.yaml file on the puppetmaster. Granted, we can customize the hierarchy on the puppetmaster with facter facts, but that doesn't give us enough control. You can use one yaml file for all hosts to accomplish the above. $ more hiera.yaml --- :backends: - yaml :hierarchy: - %{hostname} - common I could overlay individual hostname.yaml files but I just keep the hash of hashes in one yaml file, common.yaml. $ more hieradata/common.yaml servers : node-a : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server_role: site-server location: [] smtp-server: nil node-b : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server_role: site-server location: [] smtp-server: nil node-c : sshd_auth: ldap ClientAliveInterval: nil ClientAliveCountMax: nil server_role: linux-site-server location: [] smtp-server: postfix $ more modules/processhosts/manifests/init.pp class processhosts { $all_data = hiera_hash('servers') $node_data = $all_data[$hostname] $sshd_type = $node_data['sshd_auth'] $server_role = $node_data['server_role'] $ClientAliveInterval = $node_data['ClientAliveInterval'] $ClientAliveCountMax = $node_data['ClientAliveCountMax'] $location = $node_data['location'] $smtp = $node_data['smtp-server'] notice my name is $hostname and I am using hiera from YAML notice ( setting sshd_type: $sshd_type ) case $server_role { site-server: { notice ${hostname} is a site-server } linux-site-server: { notice ${hostname} is a linux-site-server } linux-site-vm: { notice ${hostname} is a linux-site-vm include pkg::apt } general: { notice ${hostname} is a general-server } fbsdhost: { notice ${hostname} is a fbsdhost include admin::snmpd } nil: { notice ${hostname} is a server of undefined type } default: { notice ${hostname} is a server of undefined type and not nil } } case $mysudo { '': { include admin::sudo } } } The processhosts module imports other manifests based on the hostname lookup of the 'servers' hash of hashes in common.yaml. This has proven to be sane and flexible. If the node isn't defined in the common.yaml, you get a catalog error err: Could not retrieve catalog from remote server:. Regards, -dkw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Hiera, Hashes, and Create_resources
On Mon, Aug 27, 2012 at 08:10:34AM -0700, jcbollinger wrote: # cat common.yaml --- searchdomain: 'example.com' ssh_auth: ldap servers : server-a : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server-b : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server-c : sshd_auth: ldap ClientAliveInterval: nil ClientAliveCountMax: nil server-d : sshd_auth: ldap ClientAliveInterval: 10 ClientAliveCountMax: 3 Furthermore, you may be approaching this altogether the wrong way. If it is part of the nature of sshd_lookup that no node will ever need to declare more than one instance, then sshd_lookup should probably be a class instead of a definition: class sshd_lookup { $all_data = hiera_hash('servers') $node_data = $all_data[$hostname] $sshd_auth = $node_data['sshd_auth'] $ClientAliveInterval = $node_data['ClientAliveInterval'] $ClientAliveCountMax = $node_data['ClientAliveCountMax'] $server_role = $node_data['server_role'] $location = $node_data['location'] $sshd_type = $data[$hostname]['sshd_auth'] # ... } Hi: I've been in a hole for while now and my puppet setup was working (albeit, very inefficiently and harder to read) until I upgraded recently, to puppet 3.0.x, so I came back to this thread. This approach of getting the entire hash out of the YAML via hiera from a class (as detailed above) instead of a defined type solved my problem and is much more elegant. I am still configuring all my hosts in a single YAML file Hash of Hashes (HoH). You questioned the approach and here it is: 1.) All hosts are in the node default 2.) The node default calls a single master module which parses the YAML HoH based on the facter hostname and performs role logic in puppet DSL and calls every other necessary module/manifest as the roles dictate. Every node is fully defined for every variable in the YAML file. Only this module should have configuration data in it. I suppose it could use ruby DSL if we wanted to here also. node default -- master_module w/ YAML HOH lookup and role logic -- other modules (dns, ssh, ldap, sudo) The only other module/manifest I haven't been able to remove configuration data from is local ssh users, ssh keys etc. I suppose I could place users and ssh keys in another YAML file of structured data. Thanks, -dkw John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Hiera, Hashes, and Create_resources
Howdy: I need some help please to get hiera configuration data derived from YAML, thru puppet. I have studied Internet search results and puppet documentation on create_resources and custom defines but need a little help along. I can print out the YAML from variables, arrays, and, finally, hashes too from a puppet manifest. One thing that is stumping me is how to access from the custom define only the YAML element of server-a which is I believe is an object of an array of hashes as I have the YAML laid out. When I run this on client host server-a against the manifest this prints out in the log: Aug 17 12:59:09 puppet puppet-master[67407]: (Scope(Sshd_lookup[server-a])) setting sshd_type: local Aug 17 12:59:09 puppet puppet-master[67407]: (Scope(Sshd_lookup[server-b])) setting sshd_type: local Aug 17 12:59:09 puppet puppet-master[67407]: (Scope(Sshd_lookup[server-c])) setting sshd_type: local Aug 17 12:59:09 puppet puppet-master[67407]: (Scope(Sshd_lookup[server-d])) setting sshd_type: local I want it to print out just server-a's value. How do I do that? Also, interestingly, it printed out each of the server names (keys?) in the hash but the value of the server-a's sshd_auth entry. My YAML, puppet manifest and error follow. # cat common.yaml --- searchdomain: 'example.com' ssh_auth: ldap servers : server-a : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server-b : sshd_auth: local ClientAliveInterval: nil ClientAliveCountMax: nil server-c : sshd_auth: ldap ClientAliveInterval: nil ClientAliveCountMax: nil server-d : sshd_auth: ldap ClientAliveInterval: 10 ClientAliveCountMax: 3 # cat ../hiera.yaml --- :backends: - yaml :logger: console :hierarchy: - %{hostname} - common :yaml: :datadir: /usr/local/etc/puppet/hieradata # cat Inuit.pp class user { $sshd_hash = hiera(servers) create_resources('sshd_lookup', $sshd_hash) } define sshd_lookup ( $sshd_auth, $ClientAliveInterval, $ClientAliveCountMax, $server_role, $location ) { $data = hiera_hash('servers') $sshd_type = $data[$hostname]['sshd_auth'] notice (setting sshd_type: $sshd_type ) } Thanks, Regards, -dkw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] hiera questions
On Thu, Jun 28, 2012 at 08:04:09PM +0100, R.I.Pienaar wrote: I would make facts on the nodes for these. Let say $role and $subrole and then just use those in your hierarchy with %{role} and %{subrole} thus allowing you to set variable for all those machines there. Howdy: I was wondering what is the best way to manage custom facts for a disparate group of servers that need to report different fact values for the same fact name? I am about to embark on hiera-based puppet architecture and want to archetect it only once. I have some doubts about the recommended ways of rolling out facter as it can get messy burying facter server host configuration logic in disparate modules. Let's say you want to create only one custom fact script to manage all your facts based on data center location and functional server host grouping. You decide you can manage all your custom facts from one ruby/facter script if you create a ruby function using a hash with your facter matching hostnames loaded in the hash as the key and you can lookup location and function. Now you have to choose which module to roll it from, but it's arbitrary. Would one hash in a single custom facter script be enough configuration for the all the hosts? I argue it would as you can add rows and columns to the hash, so it should be able to support all your facter needs. Either using custom facts or loading in all your hosts into a hiera hash, you still have to know your hostnames. However, why bury your custom facter script in a module with all the configuration in there too? The current architecture and directed use of facter alongside puppet/hiera seems to go against the nature of moving your configuration out of manifests as the direction of puppet/hiera is headed now. I was thinking of creating a hiera hash or two (I am using YAML so far. I could use as many hashes as required but one should be enough probably, plus any arrays), including the information/configuration, grouping servers by location and function, minimally. In my puppet modules I can use hiera to call up my hash and create ruby/puppet functions to do the server host location and functional logic based on the default facter facts of hostname and operatingsystem reported by the server host themselves. All the configuration remains in hiera and the module manifests remain puppet business logic. Comments? Regards, -dkw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] hiera questions
On Mon, Jul 02, 2012 at 10:13:51PM +0200, Jan Ivar Beddari wrote: On 02. juli 2012 17:26, Darryl Wisneski wrote: Regards, -dkw Ouch, sorry Darryl, I hit the wrong button and posted what I thought of as a private very quick reply to you .. right on the list. Jan: I too am sorry I stole the thread. I had best intentions, alas I got carried away. I am interested in learning how you structured your hiera data and dealt with puppet code with the use of no/limited facts. The security point is well taken. At some point though, there has to be trust (obviously). General security best-practice considers mitigating procedures (such as IDS, file integrity monitoring (aide), and regular patching) your best attempt to avoid placing too much trust in the management tool. Regards, -dkw Now at least everyone sees my honest-to-god thoughts on the matter. And the scope of the message becomes a bit more broad. Might even be worth starting a new thread. To the OP, sorry for being such a thread crasher. As to your question I think the answers you got are OK but hopefully you understand what caveats there might be security-wise. best, Jan Ivar -- http://www.uib.no/personer/Jan.Ivar.Beddari -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] augeas-0.10.0_1 in FreeBSD can't see /etc/rc.conf
Howdy: Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't get augeas to address /etc/rc.conf. I was able to modify key/values in /etc/rc.conf in augeas-0.7.1_2 in my puppet classes and augtool. I think I recall Dominic saying that the /etc/rc.conf lens was added by the FreeBSD ports maintainer. Can you help please? I just refreshed my ports tree (portsnap fetch extract) and remade augeas. The checksums on the lens files has not changes between versions. I am seeing this behavior in FreeBSD 8.2 and 9.0 RELEASE. # pwd /usr/ports/textproc/augeas # make deinstall reinstall clean Here is the output of augtool: broken: # pkg_info |grep augeas augeas-0.10.0_1 A configuration editing tool # find /usr/local/share/augeas/lenses/ -name *rcconf* -exec sum {} \; 29678 1 /usr/local/share/augeas/lenses/tests/rcconf.aug 13563 1 /usr/local/share/augeas/lenses/rcconf.aug # augtool augtool print /files/etc/rc.conf augtool works: # pkg_info |grep augeas augeas-0.7.1_2 A configuration editing tool $ find /usr/local/share/augeas/lenses/ -name *rcconf* -exec sum {} \; 13563 1 /usr/local/share/augeas/lenses/rcconf.aug 29678 1 /usr/local/share/augeas/lenses/tests/rcconf.aug # augtool augtool print /files/etc/rc.conf /files/etc/rc.conf /files/etc/rc.conf/cloned_interfaces = lagg0 vlan502 vlan503 tap0 [snip] /files/etc/rc.conf/ifconfig_em0 = up /files/etc/rc.conf/ifconfig_em1 = up /files/etc/rc.conf/ifconfig_lagg0 = up laggproto failover laggport em0 laggport em1 /files/etc/rc.conf/openssh_enable = YES /files/etc/rc.conf/ntpd_enable = YES /files/etc/rc.conf/ntpd_sync_on_start = YES /files/etc/rc.conf/nrpe2_enable = YES /files/etc/rc.conf/sendmail_enable = NONE /files/etc/rc.conf/tmpmfs = YES /files/etc/rc.conf/postgresql_enable = YES /files/etc/rc.conf/puppet_enable = YES /files/etc/rc.conf/snmpd_enable = YES /files/etc/rc.conf/pf_enable = YES /files/etc/rc.conf/jail_enable = YES [snip] Thanks, -dkw -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: augeas-0.10.0_1 in FreeBSD can't see /etc/rc.conf
Hi Steve: On Tue, May 01, 2012 at 02:15:25PM -0400, Steve Wills wrote: Hi, Thanks for the info. Something is definitely not right, but it doesn't seem to work for me even with the older version: It looks like the problem is that the fix in ticket 255: https://fedorahosted.org/augeas/ticket/255 https://fedorahosted.org/augeas/changeset/95515f45adf192ab10e6c6ffbd69b5977a9f78b2/ The patch worked but the rc.conf potentially needs double quotes on the RHS, or value. No? It seems this functionality conflicts with the resolution of ticket 255. -dkw is not included in the current release. That's OK, I can patch it in. See attached patch. With this, I get: % augtool --version augtool 0.10.0 http://augeas.net/ Copyright (C) 2007-2011 David Lutterkort License LGPLv2+: GNU LGPL version 2.1 or later http://www.gnu.org/licenses/lgpl-2.1.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by David Lutterkort % augtool print /files/etc/rc.conf /files/etc/rc.conf /files/etc/rc.conf/keymap = \us.pc-ctrl\ /files/etc/rc.conf/sshd_enable = \YES\ [snip] % If this works for you, I'll go ahead and commit this. Thanks, Steve Howdy: Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't get augeas to address /etc/rc.conf. I was able to modify key/values in /etc/rc.conf in augeas-0.7.1_2 in my puppet classes and augtool. I think I recall Dominic saying that the /etc/rc.conf lens was added by the FreeBSD ports maintainer. Can you help please? I just refreshed my ports tree (portsnap fetch extract) and remade augeas. The checksums on the lens files has not changes between versions. I am seeing this behavior in FreeBSD 8.2 and 9.0 RELEASE. # pwd /usr/ports/textproc/augeas # make deinstall reinstall clean Here is the output of augtool: broken: # pkg_info |grep augeas augeas-0.10.0_1 A configuration editing tool # find /usr/local/share/augeas/lenses/ -name *rcconf* -exec sum {} \; 29678 1 /usr/local/share/augeas/lenses/tests/rcconf.aug 13563 1 /usr/local/share/augeas/lenses/rcconf.aug # augtool augtool print /files/etc/rc.conf augtool works: # pkg_info |grep augeas augeas-0.7.1_2 A configuration editing tool $ find /usr/local/share/augeas/lenses/ -name *rcconf* -exec sum {} \; 13563 1 /usr/local/share/augeas/lenses/rcconf.aug 29678 1 /usr/local/share/augeas/lenses/tests/rcconf.aug # augtool augtool print /files/etc/rc.conf /files/etc/rc.conf /files/etc/rc.conf/cloned_interfaces = lagg0 vlan502 vlan503 tap0 [snip] /files/etc/rc.conf/ifconfig_em0 = up /files/etc/rc.conf/ifconfig_em1 = up /files/etc/rc.conf/ifconfig_lagg0 = up laggproto failover laggport em0 laggport em1 /files/etc/rc.conf/openssh_enable = YES /files/etc/rc.conf/ntpd_enable = YES /files/etc/rc.conf/ntpd_sync_on_start = YES /files/etc/rc.conf/nrpe2_enable = YES /files/etc/rc.conf/sendmail_enable = NONE /files/etc/rc.conf/tmpmfs = YES /files/etc/rc.conf/postgresql_enable = YES /files/etc/rc.conf/puppet_enable = YES /files/etc/rc.conf/snmpd_enable = YES /files/etc/rc.conf/pf_enable = YES /files/etc/rc.conf/jail_enable = YES [snip] Thanks, -dkw Index: Makefile === RCS file: /home/pcvs/ports/textproc/augeas/Makefile,v retrieving revision 1.10 diff -u -r1.10 Makefile --- Makefile 25 Apr 2012 01:11:34 - 1.10 +++ Makefile 1 May 2012 18:09:53 - @@ -8,7 +8,7 @@ PORTNAME=augeas PORTVERSION= 0.10.0 -PORTREVISION=1 +PORTREVISION=2 CATEGORIES= textproc MASTER_SITES=http://augeas.net/download/ @@ -38,7 +38,6 @@ post-install: ${MKDIR} ${LENSESDIR}/tests - ${INSTALL_DATA} ${FILESDIR}/rcconf.aug ${LENSESDIR}/rcconf.aug ${INSTALL_DATA} ${FILESDIR}/test_rcconf.aug ${LENSESDIR}/tests/rcconf.aug .include bsd.port.mk Index: pkg-plist === RCS file: /home/pcvs/ports/textproc/augeas/pkg-plist,v retrieving revision 1.2 diff -u -r1.2 pkg-plist --- pkg-plist 12 Feb 2012 13:17:44 - 1.2 +++ pkg-plist 1 May 2012 18:09:53 - @@ -231,7 +231,6 @@ %%DATADIR%%/lenses/dist/xml.aug %%DATADIR%%/lenses/dist/xorg.aug %%DATADIR%%/lenses/dist/yum.aug -%%DATADIR%%/lenses/rcconf.aug %%DATADIR%%/lenses/tests/rcconf.aug share/vim/vimfiles/ftdetect/augeas.vim share/vim/vimfiles/syntax/augeas.vim Index: files/patch-lenses__shellvars.aug === RCS file: files/patch-lenses__shellvars.aug diff -N files/patch-lenses__shellvars.aug --- /dev/null 1 Jan 1970 00:00:00 - +++ files/patch-lenses__shellvars.aug 1 May 2012 18:09:53 - @@ -0,0 +1,10 @@ +--- ./lenses/shellvars.aug.orig 2012-05-01
Re: [Puppet Users] augeas-0.10.0_1 in FreeBSD can't see /etc/rc.conf
Hi Dominic: On Tue, May 01, 2012 at 09:01:16PM +0100, Dominic Cleal wrote: Hi Darryl, On 01/05/12 16:11, Darryl Wisneski wrote: Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't get augeas to address /etc/rc.conf. I was able to modify key/values in /etc/rc.conf in augeas-0.7.1_2 in my puppet classes and augtool. I think I recall Dominic saying that the /etc/rc.conf lens was added by the FreeBSD ports maintainer. Can you help please? I just refreshed my ports tree (portsnap fetch extract) and remade augeas. The checksums on the lens files has not changes between versions. I am seeing this behavior in FreeBSD 8.2 and 9.0 RELEASE. There are a few overlapping issues with /etc/rc.conf. There is indeed a lens shipped with the FreeBSD port which you're seeing here. In Augeas 0.8.1, rc.conf was added to the Shellvars lens shipped with Augeas itself, but then in 0.10.0 it was accidentally removed from the list. This has been fixed in git, but is unreleased. I suspect on 0.7.1 you're using the FreeBSD lens. On 0.10.0 you would have to be using the FreeBSD lens, but it looks like this isn't being picked up - so either the rcconf.aug lens is disabled somehow (or isn't in the right search path) or it is failing to parse your rc.conf file. broken: # pkg_info |grep augeas augeas-0.10.0_1 A configuration editing tool # find /usr/local/share/augeas/lenses/ -name *rcconf* -exec sum {} \; 29678 1 /usr/local/share/augeas/lenses/tests/rcconf.aug 13563 1 /usr/local/share/augeas/lenses/rcconf.aug # augtool augtool print /files/etc/rc.conf augtool Could you try running this in augtool to see if a lens is being used, and if there are errors? print /augeas/files/etc/rc.conf/ Just reinstalling the problematic port here: augeas-0.10.0_1 install -o root -g wheel -m 444 /usr/ports/textproc/augeas/files/test_rcconf.aug /usr/local/share/augeas/lenses/tests/rcconf.aug === Compressing manual pages for augeas-0.10.0_1 === Running ldconfig /sbin/ldconfig -m /usr/local/lib === Registering installation for augeas-0.10.0_1 # augtool --version augtool 0.10.0 http://augeas.net/ Copyright (C) 2007-2011 David Lutterkort License LGPLv2+: GNU LGPL version 2.1 or later http://www.gnu.org/licenses/lgpl-2.1.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by David Lutterkort # augtool augtool print /augeas/files/etc/rc.conf /augeas/files/etc/rc.conf /augeas/files/etc/rc.conf/path = /files/etc/rc.conf /augeas/files/etc/rc.conf/mtime = 1335894110 /augeas/files/etc/rc.conf/lens = @RcConf /augeas/files/etc/rc.conf/lens/info = /usr/local/share/augeas/lenses/rcconf.aug:15.11-.39: -dkw -- Dominic Cleal Red Hat Consulting m: +44 (0)7817 878113 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet and FreeBSD
Howdy: On Mon, Apr 23, 2012 at 06:29:38AM -0700, Jamie Scott wrote: Hello all, Wondering if any of you could help me. We've been using puppet on our CentOS servers for a while now with no problems at all, very much out of the box but we do have some MySQL servers running FreeBSD (for the slightly better memory utilisation). I've taken up the challenge to get these FreeBSD servers talking to our puppet master but I'm having no ends of trouble with trying to get the manifests working. Forgetting the operating system variables and just going for a straight install of a package such as mytop this is what I have tried in our manifest: This didn't seem to work at all: package { 'mytop': ensure = installed } Gave me this message on the server: *puppet-agent[3232]: (/Stage[main]/Node[###]/Package[mytop]/ensure) change from absent to present failed: mytop: not in required origin format: .*/port_category/port_name* To get rid of this error you have to build the puppet from ports on the freebsd client host and uncheck the PACKAGE_ORIGIN option. I don't pretend to understand why. cd /usr/ports/sysutils/puppet ; make install # cat /var/db/ports/puppet/options # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for puppet-2.7.12 _OPTIONS_READ=puppet-2.7.12 WITHOUT_MONGREL=true WITHOUT_PACKAGE_ORIGIN=true WITHOUT_PACKAGE_ROOT=true The below package stanza looks correct. -dkw So instead I tried listing the full port name even with the provider: package { '.*/databases/mytop': ensure = installed, provider = freebsd, } Now it is giving me this message: *puppet-agent[3232]: (/Stage[main]//Node[* *###**]/Package[.*/databases/mytop]/ensure) change from absent to present failed: Could not fetch ports INDEX: 500 Illegal PORT range rejected.* Even with specifiying a source: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ I don't seem to be getting very far! Here is a print out of the debug log: debug: Puppet::Type::Package::ProviderFreebsd: Executing '/usr/sbin/pkg_info -aoQ' debug: Package: .*/databases/mytop: origin = {:port_name=mytop, :port_category=databases} debug: Package: .*/databases/mytop: source = #URI::FTP:0x29869038 URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ debug: Fetching INDEX: #URI::FTP:0x298684e4 URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/INDEX.bz2 err: /Stage[main]//Node[boomer.sov.m-w.co.uk]/Package[.*/databases/mytop]/ensure: change from absent to present failed: Could not fetch ports INDEX: 500 Illegal PORT range rejected. Some odd behaviour I've noticed as well, when packages are already installed it doesn't seem to register as them being there. Looking for information about puppet on FreeBSD is like trying to find a needle in a haystack. I hope someone can help, any input would be appreciated! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Bzhfr9UMSNEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet and FreeBSD
On Mon, Apr 23, 2012 at 07:08:48AM -0700, Jamie Scott wrote: dkw, that worked! Now I only need to use: package { 'mytop': ensure = installed } How have you been handling the differences between centos/rhel and fbsd? If statements? I am going the other way where I have manifests written mostly for fbsd and now will add rhel/debian specific stuff. Augeas has been a great help mangling text files. The devs on IRC #augeas are helpful too. Regards, -dkw I can't tell you how happy I am! Thank you!!! Jamie On Monday, 23 April 2012 14:54:03 UTC+1, dkw wrote: Howdy: On Mon, Apr 23, 2012 at 06:29:38AM -0700, Jamie Scott wrote: Hello all, Wondering if any of you could help me. We've been using puppet on our CentOS servers for a while now with no problems at all, very much out of the box but we do have some MySQL servers running FreeBSD (for the slightly better memory utilisation). I've taken up the challenge to get these FreeBSD servers talking to our puppet master but I'm having no ends of trouble with trying to get the manifests working. Forgetting the operating system variables and just going for a straight install of a package such as mytop this is what I have tried in our manifest: This didn't seem to work at all: package { 'mytop': ensure = installed } Gave me this message on the server: *puppet-agent[3232]: (/Stage[main]/Node[###]/Package[mytop]/ensure) change from absent to present failed: mytop: not in required origin format: .*/port_category/port_name* To get rid of this error you have to build the puppet from ports on the freebsd client host and uncheck the PACKAGE_ORIGIN option. I don't pretend to understand why. cd /usr/ports/sysutils/puppet ; make install # cat /var/db/ports/puppet/options # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for puppet-2.7.12 _OPTIONS_READ=puppet-2.7.12 WITHOUT_MONGREL=true WITHOUT_PACKAGE_ORIGIN=true WITHOUT_PACKAGE_ROOT=true The below package stanza looks correct. -dkw So instead I tried listing the full port name even with the provider: package { '.*/databases/mytop': ensure = installed, provider = freebsd, } Now it is giving me this message: *puppet-agent[3232]: (/Stage[main]//Node[* *###**]/Package[.*/databases/mytop]/ensure) change from absent to present failed: Could not fetch ports INDEX: 500 Illegal PORT range rejected.* Even with specifiying a source: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ I don't seem to be getting very far! Here is a print out of the debug log: debug: Puppet::Type::Package::ProviderFreebsd: Executing '/usr/sbin/pkg_info -aoQ' debug: Package: .*/databases/mytop: origin = {:port_name=mytop, :port_category=databases} debug: Package: .*/databases/mytop: source = #URI::FTP:0x29869038 URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ debug: Fetching INDEX: #URI::FTP:0x298684e4 URL: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/INDEX.bz2 err: /Stage[main]//Node[boomer.sov.m-w.co.uk]/Package[.*/databases/mytop]/ensure: change from absent to present failed: Could not fetch ports INDEX: 500 Illegal PORT range rejected. Some odd behaviour I've noticed as well, when packages are already installed it doesn't seem to register as them being there. Looking for information about puppet on FreeBSD is like trying to find a needle in a haystack. I hope someone can help, any input would be appreciated! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Bzhfr9UMSNEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/IXZpcVO-beAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this
Re: [Puppet Users] Puppet and FreeBSD
On Mon, Apr 23, 2012 at 10:42:53AM -0400, Christopher Wood wrote: Breaking in late... I use some defaults to ensure I get binary packages out of my local mirror. (I'm not terribly fussed about binary-only packages, possibly because I come from a Linux background.) case $::operatingsystem { freebsd: { # For this we still have to specify freebsd'ish names. Instead of # 'ntp', we have to use 'net/ntp'. Package { provider = 'freebsd', source = 'http://repos/pub/FreeBSD/ports/amd64/packages-9.0-release/', } } } That repository source statement is pretty powerful stuff and will help us out extremely here. Have you tried to get puppet to do make install? The outcome is probably too variable anyhow. That is pretty clear case syntax too. I have seen that on the puppetlabs site too. Here is some background on the freebsd provider giving the error: not in required origin format: .*/port_category/port_name http://www.mail-archive.com/puppet-dev@googlegroups.com/msg13765.html Then as mentioned above: package { 'net/ntp': } I found that if I specified other styles of package names with the freebsd package provider they would be reinstalled with every puppet run. I have been OK specifying only the package and not half of the ports directory tree so far. For some modules I use the 'include module::$operatingsystem' syntax, for others I use a case statement. I'm still undecided which is better, but so far it depends how much systems diverge from each other on a per-module basis. On Mon, Apr 23, 2012 at 07:08:48AM -0700, Jamie Scott wrote: dkw, that worked! Now I only need to use: package { 'mytop': ensure = installed } I can't tell you how happy I am! Thank you!!! Jamie On Monday, 23 April 2012 14:54:03 UTC+1, dkw wrote: Howdy: On Mon, Apr 23, 2012 at 06:29:38AM -0700, Jamie Scott wrote: Hello all, Wondering if any of you could help me. We've been using puppet on our CentOS servers for a while now with no problems at all, very much out of the box but we do have some MySQL servers running FreeBSD (for the slightly better memory utilisation). I've taken up the challenge to get these FreeBSD servers talking to our puppet master but I'm having no ends of trouble with trying to get the manifests working. Forgetting the operating system variables and just going for a straight install of a package such as mytop this is what I have tried in our manifest: This didn't seem to work at all: ? ? ?package { 'mytop': ensure = installed } ? ? ?Gave me this message on the server: *puppet-agent[3232]: (/Stage[main]/Node[###]/Package[mytop]/ensure) change from absent to present failed: mytop: not in required origin format: .*/port_category/port_name* To get rid of this error you have to build the puppet from ports on the freebsd client host and uncheck the PACKAGE_ORIGIN option. I don't pretend to understand why. cd /usr/ports/sysutils/puppet ; make install # cat /var/db/ports/puppet/options # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for puppet-2.7.12 _OPTIONS_READ=puppet-2.7.12 WITHOUT_MONGREL=true WITHOUT_PACKAGE_ORIGIN=true WITHOUT_PACKAGE_ROOT=true The below package stanza looks correct. -dkw So instead I tried listing the full port name even with the provider: ? ? package { '.*/databases/mytop': ? ? ? ? ? ? ensure = installed, ? ? ? ? ? ? provider = freebsd, ? ? ? ? ? ? } ? ? ? Now it is giving me this message: *puppet-agent[3232]: (/Stage[main]//Node[* *###**]/Package[.*/databases/mytop]/ensure) change from absent to present failed: Could not fetch ports INDEX: 500 Illegal PORT range rejected.* Even with specifiying a source: [1]ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ ?I don't seem to be getting very far! Here is a print out of the debug log: debug: Puppet::Type::Package::ProviderFreebsd: Executing '/usr/sbin/pkg_info -aoQ' debug: Package: .*/databases/mytop: origin = {:port_name=mytop, :port_category=databases} debug: Package: .*/databases/mytop: source = #URI::FTP:0x29869038 URL:[2]ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/ debug: Fetching INDEX: #URI::FTP:0x298684e4 URL:[3]ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/INDEX.bz2
Re: [Puppet Users] FreeBSD Port
Why not this? 'puppet agent -t' or 'puppet agent --test' From puppet help.. (ughh, no manpage) * --test: Enable the most common options used for testing. These are 'onetime', 'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure', 'detailed-exit-codes', 'no-splay', and 'show_diff'. -dkw On Wed, Apr 11, 2012 at 10:02:10AM -0400, Christopher Wood wrote: (I'm just starting with FreeBSD, albeit with some months of puppet experience.) The puppet agent implies a daemon, but try something like this for a single run in the foreground: puppet agent --no-daemonize --onetime On Wed, Apr 11, 2012 at 07:31:14AM -0400, JA wrote: I have installed puppet using the FreeBSD port. However, when I try to use the agent, it attempts to start the puppetd daemon. It seems that there is no way to use this installation without running the daemon. Can anyone shed any light on this? Thank you! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] FreeBSD Port
Jackie: Please post your 1.) puppet.conf, OS Relase, and version of puppet. 2.) uname -a 3.) pkg_info |grep puppet Can you check the ps output to make sure there wasn't already a running puppet. Do you have any jails on the machine that may be running puppet as well and causing PID confusion? Thanks, -dkw On Wed, Apr 11, 2012 at 10:50:10AM -0400, Christopher Wood wrote: I couldn't say, perhaps different versions? Or run with more verbosity and see what both versions are doing. Puppet 2.6.2 on Debian Stable (6.0.4): Enable the most common options used for testing. These are +onetime+, +verbose+, +ignorecache, +no-daemonize+, and +no-usecacheonfailure+. Puppet 2.7.6 on FreeBSD (9.0-RELEASE): Enable the most common options used for testing. These are 'onetime', 'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure', 'detailed-exit-codes', 'no-splay', and 'show_diff'. I'm not sure it matters as long as you can get a onetime run. Dig into the ruby code if it's really bothering you, of course. As to Darryl's comment in another branch, I haven't needed more than no-daemonize, verbose, and debug to solve all my problems so far. On Wed, Apr 11, 2012 at 10:27:19AM -0400, JA wrote: Thanks so much! However, I am a bit stumped and would so appreciate any clarity you can provide. If I execute 'puppet agent --test' on a RHEL box, it does not start the daemon. But, if I do the same thing using the FreeBSD port, it does attempt to start the daemon. Obviously, I am missing something here... Thanks! Jackie On Wed, Apr 11, 2012 at 10:02 AM, Christopher Wood christopher_w...@pobox.com wrote: (I'm just starting with FreeBSD, albeit with some months of puppet experience.) The puppet agent implies a daemon, but try something like this for a single run in the foreground: puppet agent --no-daemonize --onetime On Wed, Apr 11, 2012 at 07:31:14AM -0400, JA wrote: I have installed puppet using the FreeBSD port. ?However, when I try to use the agent, it attempts to start the puppetd daemon. ?It seems that there is no way to use this installation without running the daemon. ?Can anyone shed any light on this? Thank you! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.